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The  increase  in  online  activities  which  involve  people’s  identification  infonnation 
means  that  identity  theft  has  become  a  widespread  computer  security  issue.  Identity  theft 
is  defined  as  the  misuse  of  personal  information  and  identity.  To  address  this  problem, 
an  Infonnation  Assurance  training  tool,  such  as  CyberCIEGE,  can  be  used  for  user 
awareness  and  education. 

This  thesis  incorporated  current  research  on  identity  theft  attacks  and  prevention 
techniques  into  a  customized  scenario  definition  file  for  the  CyberCIEGE  game  engine. 
The  scenario  teaches  players  about  methods  of  identity  theft  prevention  in  computing  and 
networked  environments  by  focusing  on  four  main  prevention  techniques:  updating 
antivirus  protection  regularly,  being  cautious  about  executable  email  attachments, 
resisting  phishing  attacks,  and  using  secure  web  browser  connections  for  online 
transactions. 

After  scenario  development,  an  informal  test  process  of  the  Identity  Theft 
scenario  was  conducted.  Testing  found  that  the  experienced  and  expected  results 
coincided.  Recommendations  for  improvement  of  the  CyberCIEGE  game  engine, 
Scenario  Definition  Tool,  and  Identity  Theft  scenario  were  also  provided. 
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I.  INTRODUCTION 


A.  THESIS  STATEMENT 

Identity  theft  is  a  widespread  computer  security  issue  which  needs  to  be  addressed 
through  user  awareness  and  training.  To  speak  to  this  need,  this  thesis  incorporates 
current  research  on  identity  theft  attacks  and  prevention  techniques  into  a  customized 
scenario  definition  file  for  the  CyberCIEGE  game  engine.  The  scenario  will  serve  to 
teach  players  about  methods  of  identity  theft  prevention  in  computing  and  networked 
environments. 

B.  THESIS  ENVIRONMENT 

In  both  the  corporate  and  government  environments,  employees  are  often  required 
to  undergo  infonnational  and  user  training  sessions.  For  example,  new  employees 
undergo  orientation  on  policies  such  as  the  company’s  password  policy,  computer  usage 
policy,  or  security  policy.  Traditional  orientation  methods  of  sitting  in  a  room  and 
verbally  going  over  all  the  information  may  cause  users  to  feel  inundated  and 
overwhelmed.  This  can  cause  the  important  security  infonnation  to  be  lost  in  the  shuffle. 
However,  by  developing  new  methods  of  training,  such  as  simulation  games  or 
educational  tools,  companies  can  provide  a  more  engaging  learning  experience  for  their 
employees.  “By  capturing  students’  imaginations  and  generating  a  sense  of  competition, 
games  provide  a  stimulating  environment  in  which  the  participant  has  a  stake  in  the 
outcome”  (Irvine,  Thompson,  and  Allen  2005,  61).  Also,  by  having  alternative  training 
techniques,  companies  will  be  able  to  cater  to  different  learning  styles.  For  example,  a 
visual  learner  would  benefit  from  being  trained  with  CyberCIEGE  because  they  can  see 
the  concepts  in  action. 

The  Center  for  Information  Systems  Studies  and  Research  (CISR)  at  the  Naval 
Postgraduate  School  is  currently  developing  CyberCIEGE,  a  DOD  educational  tool 
developed  to  train  users  in  Information  Assurance  concepts  in  a  virtual  environment. 
“CyberCIEGE  consists  of  several  elements:  a  simulation  engine,  a  scenario-definition 
language,  a  scenario-development  tool,  and  a  video-enhanced  encyclopedia”  (Irvine, 
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Thompson,  and  Allen  2005,  62).  In  any  given  scenario,  a  CyberCIEGE  player  is 
presented  with  a  budget  and  must  make  security-related  decisions  to  help  the  virtual  user 
achieve  his  or  her  objectives  and  be  productive.  If  goals  are  not  achieved,  the  player  will 
encounter  consequences,  such  as  financial  penalties.  Poor  security  decisions  lead  to 
compromised  assets.  “Using  the  potential  tension  between  strong  security  and  user 
productivity,  CyberCIEGE  illustrates  that  many  security  choices  are  an  exercise  in  risk 
management”  (Irvine,  Thompson,  and  Allen  2005,  61). 

This  thesis  expanded  the  current  training  suite  by  providing  the  player  with  an 
identity  theft  scenario.  It  deviates  from  the  existing  scenarios  by  being  set  in  the  user’s 
home  versus  a  workplace  environment.  This  scenario  trains  home  computer  users  about 
how  they  should  configure  and  operate  their  personal  computers  to  prevent  identity  theft. 
The  techniques  and  concepts  of  identity  theft  prevention  presented  in  the  scenario  can  be 
applied  to  any  computing  environment. 


C.  THESIS  OVERVIEW 

Research  about  current  prevalent  identity  theft  attacks  was  conducted  and 
analyzed  in  order  to  develop  the  CyberCIEGE  scenario.  In  the  scenario,  the  player 
configures  a  personal  computer  to  be  protected  from  identity  theft  attacks  by  selecting 
various  configuration  settings.  The  player  attempts  to  influence  the  behavior  of  a  virtual 
user  through  various  procedural  policy  settings.  After  scenario  development,  a  test  plan 
was  constructed  to  identify  the  means  of  testing  the  scenario.  Test  goals  included 
whether  or  not  the  scenario  definition  file  worked  properly  and  successfully  conveyed 
identity  theft  prevention  techniques.  Specific  test  cases  were  defined  in  terms  of 
anticipated  player  choices  and  expected  results.  The  final  scenario  was  run  against  these 
test  cases. 

The  thesis  is  divided  into  chapters  as  follows: 

I.  Introduction  -  This  chapter  discusses  the  scope,  environment,  and  outline  of 
the  thesis. 
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II.  Identity  Theft  -  This  chapter  provides  the  motivation  behind  the  scenario 
development  by  highlighting  research  about  the  current  threats  and  methods 
of  prevention  of  identity  theft. 

III.  Scenario  Overview  -  This  chapter  depicts  the  developed  scenario  in  detail  by 
describing  the  storyline  and  scenario  components,  such  as  zones,  assets, 
users,  objectives,  and  feedback.  This  chapter  also  provides  context  to  the 
scenario  by  discussing  the  intended  audience  and  educational  goals  of  the 
scenario. 

IV.  Testing  -  This  chapter  describes  the  testing  process  in  terms  of  the  test 
strategy  and  test  cases.  It  also  discusses  the  testing  of  the  CyberCIEGE 
game  engine  and  Scenario  Definition  Tool. 

V.  Conclusion  -  This  chapter  provides  insights  of  how  this  thesis  could  be 
extended  in  the  future  and  recommendations  for  improving  the  CyberCIEGE 
game  engine  and  Scenario  Definition  Tool. 
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II.  IDENTITY  THEFT 


A.  WHAT  IS  IDENTITY  THEFT? 

Identity  theft  has  become  such  a  prevalent  threat  to  our  security  that  the  subject 
matter  pervades  current  popular  culture.  Movies  such  as  The  Net;  Single,  White,  Female; 
and  Catch  Me  If  You  Can  speak  to  the  dangers  of  what  can  happen  when  our  personal 
information  falls  into  the  wrong  hands.  Credit  card  commercials  exist  that  attempt  to  use 
humor  to  raise  the  public’s  awareness  of  the  dangers  of  identity  theft.  Storylines  in 
popular  television  shows,  such  as  General  Hospital,  also  represent  this  rise  in  public 
awareness  of  identity  theft.  Yet  despite  the  fact  that  identity  theft  has  become  a  part  of 
society’s  vocabulary,  information  on  how  to  prevent  and  protect  ourselves  from  identity 
theft  has  yet  to  become  as  pervasive. 

Identity  theft  is  defined  as  the  “misuse  of  a  another  person’s  identity,  such  as 
name,  social  security  number,  driver’s  license,  credit  card  numbers,  and  bank  account 
numbers”  (Denning  1999,  241).  A  victim’s  personal  information  can  be  used  for  both 
financial  gain  and  to  physically  misrepresent  the  victim  to  people  such  as  law 
enforcement  officials,  employers  or  medical  providers.  According  to  a  2003  survey  by 
the  Federal  Trade  Commission,  identity  theft  fraud  can  be  broken  down  into  three  main 
types  of  misuse:  new  accounts  and  other  fraud,  misuse  of  existing  non-credit  card 
accounts  or  account  numbers,  and  misuse  of  existing  credit  cards  or  credit  card  numbers. 
The  Federal  Trade  Commission  found  that  “almost  10  million  Americans  have 
discovered  that  they  were  the  victim  of  some  fonn  of  ID  Theft  within  the  last  year,”  and 
that  the  number  of  victims  is  increasing  every  year  (Synovate  2003,  4).  The  amount  of 
time  associated  with  resolving  the  problems  that  arise  in  the  aftermath  of  identity  theft 
should  also  be  considered  a  cost  of  identity  theft.  In  2003,  “Americans  spent  almost  300 
million  hours  resolving  problems  related  to  ID  Theft  in  the  past  year”  (Synovate  2003,  6). 

Not  only  does  identity  theft  impact  the  consumer,  but  it  also  negatively  affects 
business  and  banks.  The  Federal  Trade  Commission  estimated  that  the  loss  to  businesses 
and  banks  totaled  around  thirty-three  billion  dollars  in  2003  (Synovate  2003,  6). 
Businesses  and  financial  institutions  have  had  to  keep  up  with  the  increase  in  identity 
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theft  by  developing  new  services.  For  example,  most  credit  card  providers  now  provide 
the  option  of  placing  the  credit  card  owner’s  picture  on  the  credit  cards  for  authentication 
purposes.  Similarly,  since  monitoring  one’s  credit  report  is  a  commonly  recommended 
technique  to  prevent  identity  theft,  some  financial  institutions  now  allow  consumers  to 
buy  identity  theft  prevention  each  month  through  special  credit  checking  services. 
Identity  theft  is  a  costly  threat  which  needs  to  be  addressed  in  one  way  or  another. 


B.  THREATS 

“The  greatest  threat  to  security  is  not  privacy  but  convenience”  (Caloyannides 
2004,  84).  Services  such  as  paying  bills,  banking,  stock  trading,  and  purchasing  products 
are  now  becoming  more  prevalent  online.  On  the  outside  of  the  return  envelopes, 
telephone  and  electric  companies,  such  as  SBC  and  PG&E,  are  encouraging  their 
customers  to  receive  and  pay  their  bills  online.  The  Federal  Trade  Commission  found 
that  13%  of  their  survey  respondents  claimed  that  their  personal  infonnation  was  stolen 
through  transactions,  such  as  online  purchasing  (Synovate  2003,  31).  These  online 
services  include  a  fonn  of  identification  and  authentication,  usually  in  the  form  of  a 
username  and  password.  While  making  it  more  convenient  for  people  to  pay  bills  and  see 
information  about  their  accounts,  it  also  leaves  personal  infonnation  open  to  cyberattacks 
and  identity  theft. 

Social  engineering  is  a  key  way  that  personal  infonnation  is  collected  for  misuse. 
Infosecurity  Europe  conducted  a  survey  in  London  that  found  that  “more  than  70%  of 
people  would  reveal  their  computer  password  in  exchange  for  a  bar  of  chocolate”  (BBC 
News  2004).  People  end  up  becoming  their  own  worst  enemies,  particularly  when  free 
items  are  involved.  For  example,  stores  attempt  to  entice  consumers  to  sign  up  for  store- 
sponsored  credit  cards  by  providing  incentives  and  discounts  at  the  price  of  personal 
information  and  a  signature  on  an  application  fonn.  Social  engineering  can  be  used 
directly  on  the  individual  to  gain  their  information,  as  in  the  Infosecurity  Europe  survey 
example.  But,  it  can  also  be  used  on  companies  that  collect  and  store  people’s 
identifying  information,  such  as  department  stores  or  credit  card  companies.  Even  if  key 
information,  such  as  passwords,  is  not  supplied  by  the  individual,  enough  personal 

information  can  be  collected  to  be  damaging  to  the  security  of  a  person’s  identity.  It  is 
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important  to  be  aware  of  who  exactly  is  collecting  the  personal  information,  what  the 
information  is  going  to  be  used  for,  and  what  the  privacy  policies  are  of  the  companies 
who  have  the  infonnation. 

Poor  password  security  and  management,  such  as  having  the  same  password  for 
every  website  a  user  deals  with,  can  also  cause  a  person  to  become  vulnerable  to  identity 
theft.  A  survey  conducted  by  VeriSign  found  that  79  percent  of  respondents  “use  the 
same  password  for  multiple  Web  sites  or  applications”  (Ostrom  2005).  Another  threat  to 
personal  identities  is  easily  crackable  passwords,  such  as  names  and  dictionary  words. 
Awareness  of  common  password  security  techniques  need  to  be  provided  to  users  to  help 
alleviate  these  kinds  of  mistakes. 

The  need  to  have  the  latest  technology  can  also  leave  one  vulnerable. 
Centralizing  information  in  an  all-in-one  device  like  a  PDA/cell  phone  can  make  a  person 
vulnerable  if  that  device  falls  into  the  wrong  hands.  “In  our  love  affair  with  new 
technology,  it’s  easy  to  forget  that  our  handy  devices  affect  our  privacy  in  more  ways 
than  we  know”  (Caloyannides  2004,  84).  For  example,  the  SIM  (subscriber  identification 
module)  card  found  in  some  cell  phones  stores  private  information  such  as  calls  made, 
received,  and  missed,  phone  numbers,  and  photos  (if  the  phone  has  a  camera).  Fax 
machines,  printers,  copiers,  and  cell  phones  are  all  devices  that  store  information  sent  to 
them,  which  can  then  be  collected  later  for  uses  not  intended  by  the  manufacturers. 

People  give  away  their  contact  infonnation,  date  of  birth,  credit  card  number,  and 
social  security  number  for  lots  of  reasons  and  services  these  days.  This  personal 
information  is  asked  for  with  activities  that  range  from  buying  books  online  to  joining  a 
professional  organization  to  paying  bills  online.  RSA  security  conducted  a  survey  that 
found  that  “many  people  volunteered  important  personal  information,  such  as  their 
mother’s  maiden  name  or  even  their  own  date  of  birth,  when  questioned  during  a  street 
survey”  (BBC  News  2004).  Our  view  of  personal  information  needs  to  shift  from  its  use 
as  common  identifiers  to  data  which  needs  to  be  protected  and  secured. 
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C.  PREVENTION  TECHNIQUES 

In  terms  of  possible  solutions  to  the  problems  caused  by  identity  theft,  “many 
victims  thought  better  awareness  on  their  own  part  of  how  to  prevent  and  respond  to 
identity  theft  would  have  been  most  helpful”  (Synovate  2003,  62).  This  thesis  attempts  to 
assist  in  raising  computer  user’s  consciousness  about  identity  theft,  by  incorporating 
common  prevention  techniques  into  a  CyberCIEGE  scenario.  Most  of  the  recommended 
techniques  for  securing  personal  information  on  computers  fall  in  to  the  realm  of  basic 
computer  security  practices.  The  following  is  a  breakdown  of  the  methods  of  prevention 
for  digital  identity  theft: 

1.  Install  and  regularly  update  antivirus  and  spyware  protection  software. 
(Federal  Trade  Commission  2005). 

2.  Install  and  properly  configure  a  firewall  on  your  personal  computer. 
(Federal  Trade  Commission  2005). 

3.  Use  a  secure  web  browser  for  online  transactions  which  employs 
techniques,  such  as  encryption,  to  keep  your  personal  infonnation  more 
secure.  (Federal  Trade  Commission  2005). 

4.  Do  not  store  financial  or  other  sensitive  information  on  your  personal 
computer.  (Federal  Trade  Commission  2005). 

5.  Do  not  select  the  option  to  automatically  login  or  remember  identification 
and  authentication  infonnation.  (Federal  Trade  Commission  2005). 

6.  Log  out  of  websites  and  computers  when  finished  with  them.  (Federal 
Trade  Commission  2005). 

7.  Practice  good  password  security  techniques.  Passwords  should  be 
complex  in  length  and  composition  and  devoid  of  dictionary  words. 
People  should  have  a  scheme  to  remember  the  password  versus  writing  the 
password  down  or  storing  it  on  the  computer.  Passwords  and  PINs  should 
not  be  given  out  to  other  people. 

8.  Maintain  the  security  of  your  computer  by  practicing  activities,  such  as 
installing  operating  system  and  application  patches. 
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9.  Resist  social  engineering  techniques  to  get  your  personal  information.  For 
example,  make  sure  that  the  website  you  are  using  to  conduct  online 
transactions  is  the  actual  company  versus  a  dummy  website. 

10.  Be  aware  of  the  privacy  policies  of  the  companies  and  institutions  that  you 
give  your  personal  information  to.  (Federal  Trade  Commission  2005). 

1 1 .  Make  sure  that  all  personal  information  is  properly  deleted  from 
technological  devices  before  giving  them  to  other  people  or  disposing  of 
them.  (Federal  Trade  Commission  2005). 

Other  methods  of  prevention  can  also  be  practiced  to  help  avoid  identity  theft 
outside  of  the  digital  realm.  Frank  W.  Abagnale,  whose  exploits  and  life  are  depicted  in 
the  movie  Catch  Me  if  You  Can,  recommends  protecting  your  social  security  number  and 
periodically  examining  your  credit  report  as  the  top  two  ways  to  protect  our  identity 
information  (Abagnale  2004).  People  may  not  be  able  to  control  what  happens  to  their 
personal  infonnation  once  it  is  out  of  their  hands,  but  computer  users  can  definitely 
become  more  vigilant  about  how  they  use  it  on  the  computer  and  online. 


D.  SUMMARY 

Identity  theft  is  the  misuse  of  another’s  personal  information  and  identity.  The 
increase  in  online  activities  which  involve  people’s  personal  identification  information 
means  that  we  need  to  be  more  vigilant  to  attempt  to  avoid  identity  theft.  The  majority  of 
identity  theft  prevention  techniques  fall  under  the  realm  of  basic  computer  security 
practices,  such  as  securing  one’s  computer  and  practicing  good  password  security.  Other 
techniques,  such  as  resisting  social  engineering,  being  aware  of  who  is  collecting  the 
personal  information,  and  knowing  what  the  information  is  being  used  for,  are  also 
necessary  to  protect  one’s  identity.  These  techniques  are  incorporated  into  a 
CyberCIEGE  scenario  to  help  raise  computer  users’  awareness  about  how  to  avoid  online 
identity  theft. 
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III.  SCENARIO  OVERVIEW 


A.  SCENARIO  STORYLINE 

There  are  several  things  people  can  do  both  online  and  in  the  real  world  to  help 
protect  themselves  and  their  identifying  infonnation.  A  goal  of  this  thesis  was  to  narrow 
down  that  list  of  prevention  techniques  into  some  essential  methods  of  identity  theft 
prevention  from  the  home  user  perspective.  Once  the  list  was  redefined,  the  challenge 
became  translating  it  into  the  educational  world  of  CyberCIEGE. 

In  order  to  develop  an  engaging  CyberCIEGE  scenario,  the  narrative  must  be  able 
to  speak  to  the  intended  audience,  portray  the  intended  educational  goals,  and  provide 
feedback  to  the  player  at  appropriate  moments.  In  addition,  the  storyline  should  be  one 
that  entices  the  player  to  persist  with  the  scenario.  The  Identity  Theft  scenario  uses  the 
popularity  of  the  secret  agent/espionage  genre  and  the  resurgence  of  fiber  art,  such  as 
knitting  and  crochet,  in  order  to  engage  the  player  and  allow  for  some  creativity  with  the 
narrative.  As  seen  with  the  success  of  television  shows  such  as  Alias  and  24,  the  secret 
agent/espionage  genre  is  one  that  pervades  popular  culture  and  can  serve  to  draw  the 
player  into  the  scenario.  The  crochet  aspect  of  the  storyline  is  used  to  add  dimension  to 
the  Sydney  Chase  character. 

The  basic  storyline  is  that  the  player  must  help  the  user,  Sydney  Chase,  set  up  her 
new  home  computer  so  that  she  is  protected  from  identity  theft  while  conducting  online 
transactions.  Sydney  Chase  is  a  smart,  savvy  secret  agent  for  the  United  States  federal 
government.  Sydney  has  purchased  a  new  computer  and  wants  to  email  her  friends  and 
family  and  search  the  web.  Since  she  is  on  a  lot  of  covert  missions  and  focused  on 
protecting  her  nation,  she  is  not  up  to  speed  on  the  commonly  recommended  prevention 
techniques  of  identity  theft  for  the  home  computer  user.  Between  missions,  one  of  the 
main  things  Sydney  enjoys  doing  is  crocheting  presents  for  her  friends  and  family.  Her 
mobile  lifestyle  has  made  Sydney  see  the  potential  convenience  of  being  able  to 
maximize  her  time  at  home  and  communicate,  research,  and  purchase  products,  like  yam, 
online.  In  the  scenario,  Sydney  wants  to  use  her  computer  to  find  a  sweater  pattern  to 
crochet  and  purchase  the  yarn  for  the  project  online. 
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Due  to  her  line  of  work,  Sydney  is  aware  of  the  importance  of  protecting  and 
securing  information.  If  Sydney’s  identity  is  stolen,  she  will  have  to  deal  with  the  cost 
and  time  involved  in  the  aftermath  of  identity  theft.  Also,  it  could  potentially  affect  her 
security  clearance  and  job  if  someone  does  something  harmful  or  illegal  while 
impersonating  Sydney.  The  scenario  player’s  main  objective  is,  therefore,  to  advise 
Sydney  on  how  to  conduct  herself  while  online  and  how  to  configure  her  computer  so 
that  she  is  protected. 


B.  INTENDED  AUDIENCE 

The  major  CyberCIEGE  audience  is  DOD  civilian  and  military  personnel.  As  a 
result  of  the  directives  and  policies  that  DOD  employees  must  adhere  to,  it  is  important  to 
be  able  to  provide  useful  Information  Assurance  training  tools.  The  Identity  Theft 
scenario  can  be  used  to  teach  the  Information  Assurance  principles  related  to  identity 
theft  prevention  to  both  DOD  employees  and  civilian  home  users. 

With  the  importance  of  finding  ways  to  guard  against  identity  theft,  the  concepts 
presented  in  this  scenario  can  be  applied  to  different  environments  and  users.  The 
intended  audience  of  this  scenario  is  both  the  home  computer  user  and  those  who  will  be 
training  others  in  identity  theft  prevention  techniques.  Even  though  the  scenario  is  set  in 
a  home  environment,  the  techniques  can  also  be  applied  to  government  and  corporate 
workplaces. 


C.  EDUCATIONAL  GOALS 

The  main  educational  goal  for  this  thesis  was  to  provide  a  training  tool  that  helps 
both  the  end  user  and  the  Information  Assurance  instructor  demonstrate  some  main 
identity  theft  prevention  techniques.  In  Phase  1,  the  Connect  objective  has  the  player 
connect  Sydney’s  computer  to  the  router  via  her  local  home  network.  Once  this  is  done, 
the  player  is  supposed  to  select  the  appropriate  procedural  settings  to  provide  the 
computer  with  some  basic  security  and  complete  the  Secure  objective.  The  concept 
presented  to  the  player  at  this  point  is  the  importance  of  securing  a  computer  that  is 
connected  to  the  internet.  Two  main  ways  to  do  this  is  to  not  run  executable  email 
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attachments  and  to  regularly  update  the  antivirus  protection  on  the  computer.  These 
settings  will  help  prevent  attacks  such  as  viruses,  worms,  Trojan  horses,  and  trap  doors. 
These  attacks  can  then  be  used  to  gain  personal  information  and  to  steal  the  user’s 
identity. 

In  Phase  2,  a  quiz  format  is  used  in  order  to  see  how  the  player  would  react  to  a 
social  engineering  attack  and  to  another  danger  of  online  transactions.  The  Transact 
objective  in  this  phase  is  to  answer  the  questions  correctly.  The  first  question  relates  to 
conducting  online  transactions  securely.  The  player  should  make  sure  that  the  browser  is 
using  SSL  by  checking  the  web  address  and  making  sure  it  is  https  versus  http.  The  goal 
here  is  to  get  across  to  the  player  that  when  money  is  transferred  online  or  items  are 
purchased,  it  is  important  to  make  sure  the  connection  is  secure.  The  quiz’s  second 
question  asks  the  player  to  decide  what  to  do  when  Sydney  gets  a  phishing  email. 
Phishing  is  when  a  person  receives  an  email  claiming  to  be  from  a  legitimate  source,  like 
eBay  or  a  bank.  The  email  then  asks  the  user  to  click  on  a  hyperlink  to  fill  in  some 
information  on  a  web  form.  This  question  demonstrates  the  danger  of  providing  personal 
information  to  unknown  sources. 

After  playing  this  scenario,  the  goal  is  for  the  player  to  gain  awareness  of 
behaviors  and  actions  to  prevent  identity  theft.  Throughout  the  game  there  are  also 
pointers  about  advanced  or  extra  preventative  techniques,  such  as  being  aware  of 
companies’  privacy  policies  or  only  transacting  with  websites  that  are  well  established 
and  familiar.  This  thesis  also  added  an  identity  theft  section  to  the  CyberCIEGE 
encyclopedia  to  assist  the  player  in  completing  their  objectives.  This  scenario  will  be 
able  to  provide  the  player  with  a  starting  point  of  the  basics  of  identity  theft  prevention 
and  make  them  aware  of  the  dangers  that  can  occur. 


D.  SCENARIO  ELEMENTS 

CyberCIEGE  has  several  elements  that  are  used  to  structure  the  scenario 
environment  and  storyline.  The  different  physical  environments  of  the  scenario  are 
distinguished  by  zones.  In  each  zone,  there  can  be  physical  components,  such  as  web 
servers,  computers,  and  routers.  Information,  referred  to  as  an  asset,  is  stored  on  physical 
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components.  Virtual  users  complete  asset  goals  by  accessing  the  goal’s  associated  asset. 
The  scenario  is  also  broken  up  into  various  phases  and  objectives.  The  player  moves  to 
the  next  phase  by  completing  all  of  the  current  phase’s  objectives.  Objectives  are  usually 
tasks  such  as  establishing  a  network  connection  or  incorporating  security  into  a  zone  or 
physical  component. 

The  CyberCIEGE  game  engine  has  the  ability  to  randomly  initiate  automatic 
attacks,  such  as  Internet  attacks,  and  the  player  has  to  protect  the  components  from  these 
dangers.  Scenario  developers  can  assign  motives  to  assets.  A  motive  is  a  numerical 
value  signifying  an  attacker’s  level  of  motivation  for  attacking  the  asset.  CyberCIEGE’s 
automatic  attacks  use  the  asset’s  motive  to  regulate  the  frequency  and  amount  of  attacks 
it  generates.  High  motive  values  result  in  more  frequent  and  complex  attacks.  The 
scenario  developer  also  has  the  ability  to  create  conditions  and  triggers  in  order  to  interact 
with  the  player  and  cause  events  to  occur.  Conditions  and  triggers  provide  the  developer 
a  flexible  method  to  illustrate  the  scenario’s  educational  goals.  Some  commonly  used 
triggers  are  message  pop-ups,  tickers,  and  help  tips.  The  Identity  Theft  scenario  uses  all 
of  these  scenario  elements  to  reach  the  intended  audience,  achieve  the  scenario’s 
educational  goals,  and  implement  the  scenario’s  storyline. 

1.  Sydney’s  Home  Zone 

The  main  environment  of  the  Identity  Theft  scenario  is  Sydney  Chase’s  Home.  In 
this  zone,  there  is  one  computer  (Sydney’s  Computer)  and  a  router  from  the  DSL 
Company  (Bit  Flipper  Router  Home).  There  is  one  asset  on  Sydney’s  computer,  called 
Sydney’s  Info,  which  is  composed  of  the  files  and  other  electronic  information  that 
resides  on  Sydney’s  Computer.  This  information  is  susceptible  to  Internet  attacks  once 
Sydney’s  Computer  is  connected  to  the  Internet.  These  attacks  are  implemented  using 
triggers  and  CyberCIEGE’s  attack  engine.  Sydney’s  Info  has  a  low  motive  value 
assigned  to  it  which  allows  some  of  CyberCIEGE’s  automatic  Internet  attacks.  However, 
attacks  were  primarily  generated  through  the  use  of  conditions  and  triggers.  Conditions 
were  used  to  assess  the  scenario’s  state  and  settings.  Triggers  were  then  developed  to 
respond  to  those  conditions.  This  strategy  was  chosen  to  allow  for  more  control  and 
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flexibility  in  developing  a  negative  feedback  mechanism.  It  also  provided  a  method  to 
assist  the  player  in  achieving  goals  and  objectives. 

At  startup,  Bit  Flipper  Router  Home  is  connected  to  the  Internet  and  also  has  a 
local  area  network  connection  for  Sydney’s  Home  Network.  But,  the  Home  Network 
cable  is  not  connected  to  Sydney’s  computer.  This  is  done  so  that  the  player  has  to  make 
the  network  connection  from  Sydney’s  computer  to  Bit  Flipper  Router  Home  in  order  to 
meet  the  BrowseEmail  asset  goal.  The  BrowseEmail  asset  goal  is  for  Sydney  to  browse 
the  web  and  use  her  web-based  email  account.  It  requires  the  ability  to  reach  the  Web 
Server  in  the  Web  zone  via  the  Internet. 

Because  the  goals  of  this  scenario  were  not  related  to  physical  security,  Sydney’s 
Home  starts  out  with  a  key  lock,  visual  inspection,  and  a  poor  zone  alann.  These  physical 
security  components  are  all  reasonable  security  components  for  a  home  environment. 
These  also  help  defend  against  some  of  the  physical  security  attacks  built  into  the  game 
engine. 


2.  Web  Zone 

The  second  zone  in  this  scenario  is  the  Web  zone.  The  physical  components  in 
this  zone  are  a  Web  Server  and  a  router  (Bit  Flipper  Router  Web).  At  startup,  the  Web 
zone’s  network  is  already  connected  and  working.  The  Web  Server  is  connected  to  the 
Bit  Flipper  Router  Web  through  a  local  area  network  connection.  Bit  Flipper  Router 
Web  is  then  connected  to  the  Internet. 

There  is  one  asset  in  the  Web  zone  which  is  Crochet  Central’s  Web  Page  on  the 
Web  Server.  Crochet’s  Central’s  Web  Page  is  a  vast  research  database  of  free  patterns, 
tips  and  news  from  the  crochet  community.  Sydney  needs  access  to  this  web  page  in 
order  to  find  a  pattern  for  her  next  crochet  project.  This  asset  is  associated  with  the 
BrowseEmail  asset  goal.  To  prevent  CyberCIEGE’s  game  engine  from  generating 
attacks,  a  motive  value  of  zero  was  assigned  to  the  Web  Page  asset. 

Also,  the  Web  zone  and  its  components  are  secured  with  strict  settings  so  that  the 
player  does  not  have  to  deal  with  automatic  attacks  from  the  game  engine  relating  to  the 
Web  zone.  This  is  done  to  keep  the  focus  on  Sydney’s  Home  zone. 
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3.  Feedback 

The  scenario  contains  feedback  in  several  forms  to  help  the  player  progress 
through  the  scenario.  For  example,  when  the  player  selects  wrong  or  unnecessary 
settings,  feedback  is  provided  to  guide  the  player  towards  the  correct  settings. 
CyberCIEGE  has  the  capability  to  change  the  player’s  budget  in  order  to  provide 
monetary  consequences  to  the  player’s  choices.  This  scenario  does  not  use  this  method 
to  educate  the  player  because  it  did  not  fit  with  the  home  user  environment  of  this 
scenario.  Instead,  this  scenario  uses  message,  help,  and  ticker  triggers  to  inform  and 
guide  the  player  through  the  scenario.  These  mechanisms  try  to  keep  the  player  focused 
on  the  information  being  presented  in  the  scenario  versus  dealing  with  maintaining 
aspects  of  CyberCIEGE  like  budgets.  Conditions  and  triggers  are  also  used  to  provide 
attacks  and  negative  feedback  to  the  player. 

In  the  first  phase,  the  main  form  of  feedback  is  message  triggers.  If  the  player 
does  not  connect  Sydney’s  computer  to  the  router,  the  player  receives  a  message  saying 
that  the  computer  can  be  connected  to  the  router  by  going  to  the  network  screen.  The 
player  will  receive  a  message,  while  on  the  network  screen,  if  the  computer  has  not  been 
connected  after  a  certain  amount  of  time.  After  Sydney’s  computer  is  connected,  the 
player  receives  recognition  that  the  BrowseEmail  asset  goal  has  been  achieved  with  both 
a  message  and  ticker  trigger.  This  message  signifies  that  the  Connect  objective  of  Phase 
1  has  been  achieved. 

In  order  to  satisfy  the  Secure  objective,  the  player  must  select  both  “Regular 
Antivirus  Updates”  and  “Don’t  Run  Attachments”  in  the  procedural  settings  window  of 
the  Components  screen.  When  the  player  selects  these  settings,  a  message  trigger  notifies 
the  player  about  completing  Phase  1  and  provides  directions  back  to  the  objectives 
window  to  see  the  objective  for  Phase  2.  If  the  player  chooses  only  one  of  the  correct 
settings,  a  congratulatory  message  appears  which  also  provides  hints  about  the  missing 
setting. 

If  the  player  selects  settings  that  would  signify  too  much,  redundant  or 
unnecessary  security  settings,  messages  appear  to  guide  the  player  back  in  the  right 
direction.  When  the  player  has  not  selected  the  appropriate  settings  in  a  timely  manner,  a 
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warning  message  appears  about  the  dangers  of  being  connected  to  the  internet  without 
any  protection.  After  this  warning  appears,  attacks  on  Sydney’s  computer  begin  until  the 
player  chooses  the  correct  security  settings.  These  attacks  are  driven  by  conditions  and 
message  triggers.  The  first  attack,  a  virus,  occurs  when  the  computer  is  connected  and 
does  not  have  the  “Regular  Antivirus  Updates”  setting.  The  next  attack,  a  Trojan  horse, 
occurs  when  the  computer  is  connected  and  does  not  have  the  “Don’t  Run  Attachments” 
setting.  Another  attack  occurs  when  the  computer  is  connected  and  the  computer  does 
not  have  either  of  the  correct  security  settings.  This  attack  is  in  the  form  of  a  ticker 
message  that  emphasizes  the  danger  of  not  protecting  personal  infonnation. 


The  following  table  delineates  the  kind  of  messages  that  are  triggered  when 
certain  procedural  and  configuration  settings  are  chosen  by  the  player. 


Setting 

Feedback 

Automatic  Antivirus  Updates 

This  setting  could  interrupt  her  computer  use  and 

means  that  the  computer  would  have  to  be  on  at 

specific  times,  which  would  be  impractical. 

No  Machine  Modifications 

Sydney  should  be  able  to  make  changes  to  her  own 

computer. 

No  External  Software 

Sydney  should  be  allowed  to  install  whatever  software 

she  wants  to  on  her  own  computer. 

Scan  Email  Attachments 

This  setting  is  redundant  because  the  web-based  email 

service  Sydney  uses  automatically  scans  email 

attachments. 

Strip  Email  Attachments 

This  setting  affects  Sydney’s  email  functionality  such 

that  she  will  not  be  able  to  look  at  pictures, 

documents,  etc.  that  people  send  her. 

No  Web  Mail 

This  setting  would  prevent  Sydney  from  having  access 

to  her  web-based  email  account. 

Table  1.  Feedback 
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In  the  second  phase  of  the  scenario,  a  quiz  fonnat  was  used  to  test  the  player’s 
knowledge  about  secure  browsing  and  social  engineering.  A  quiz  fonnat  mimics  more 
closely  what  occurs  in  the  real  world.  The  player  is  presented  with  a  situation  and  has  to 
make  a  choice  to  either  proceed  in  a  particular  way  or  not.  A  quiz  format  also  provides 
the  player  with  an  experience  different  from  one  associated  with  message,  help,  and 
ticker  triggers  from  the  first  phase;  it  allows  for  a  new  way  of  interacting  with  the 
scenario. 

Feedback  can  also  be  found  on  the  various  screens  in  the  scenario.  On  the 
Objectives  screen,  the  player  can  see  both  the  list  of  objectives  to  be  completed  and 
which  objectives  have  already  been  completed.  The  screen  can  also  be  used  to  see  which 
phase  the  player  is  currently  in  and  how  many  phases  are  left  in  the  scenario.  The  Zone 
screen  has  information  about  the  two  zones  in  the  scenario,  such  as  physical  security, 
access  lists,  and  the  computers  in  the  zones.  The  component  screen  details  information 
about  the  Web  Server  and  Sydney’s  Computer.  On  the  User  screen,  the  player  can  see  a 
description  of  the  user  and  asset  goals.  The  player  can  also  see  if  there  are  any  asset  goal 
failures  by  looking  at  this  screen.  The  Asset  Screen  details  the  Web  Page  and  Sydney’s 
Info  assets  and  tells  the  player  the  locations  of  the  assets.  The  scenario  takes  the  player  to 
the  Debriefing  screen  once  the  game  is  either  won  or  lost.  The  player  wins  by 
completing  the  objectives  in  Phase  1  and  answering  “no”  to  both  of  the  questions  in 
Phase  2.  The  player  loses  by  answering  “yes”  to  either  of  the  questions  in  Phase  2. 


E.  SUMMARY 

The  Identity  Theft  scenario  is  intended  to  be  used  by  DOD  and  civilian  computer 
users  and  Information  Assurance  instructors  as  a  training  tool  in  identity  theft  prevention 
techniques.  In  the  scenario,  the  player  must  help  the  user,  Sydney  Chase,  set  up  her  new 
home  computer  so  that  she  is  protected  from  identity  theft  while  securely  conducting 
online  transactions.  The  scenario’s  storyline  was  implemented  using  various 
CyberCIEGE  tools  and  components.  After  development,  the  scenario  underwent  an 
informal  testing  process,  which  is  described  in  the  next  chapter. 
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IV.  TESTING 


A.  TEST  STRATEGY 

To  validate  that  the  scenario  worked  as  intended,  the  test  strategy  was  to  identify 
some  test  cases  based  on  the  scenario’s  objectives  and  tasks.  These  cases  were  then  used 
to  ensure  that  the  expected  and  experienced  results  coincided  when  the  player  performed 
either  no  actions  or  the  wrong  ones.  A  test  case  for  the  winning  strategy  of  the  scenario 
was  also  included.  If  bugs  or  unexpected  results  appeared  during  testing,  the  scenario 
was  revised  to  correct  these  problems.  However,  if  the  problems  encountered  related  to 
game  engine  or  scenario  definition  tool  issues,  then  these  bugs  were  informally  identified 
and  reported.  Since  the  CyberCIEGE  game  engine  has  some  randomness  associated  with 
its  behavior,  each  test  case  was  run  multiple  times  to  insure  the  scenario  reacted  as 
expected  each  time.  Fellow  CyberCIEGE  developers  assisted  in  the  testing  by  playing 
the  scenario  and  providing  comments  and  suggestions. 

The  test  strategy  for  this  scenario  is  informal  mainly  due  to  the  time  and  scope  of 
this  thesis.  However,  this  method  was  also  chosen  due  to  the  evolving  nature  of  the 
CyberCIEGE  game  engine  and  Scenario  Definition  Tool  themselves.  During  the  course 
of  the  scenario  development,  there  were  several  updates  to  the  game  engines  which 
included  improvements  and  error  corrections.  This  scenario  was  tested  with  the  latest 
version  of  the  CyberCIEGE  game  engine,  version  1.4k.  This  version  of  CyberCIEGE 
changed  the  wording  of  the  “Don’t  Run  Attachments”  procedural  setting  to  “Beware  of 
Email  Attachments.” 

B.  SCENARIO  TEST  CASES 

The  following  are  test  cases  breaking  the  scenario  down  into  its  three  objectives 
and  testing  what  happens  when  the  player  follows  certain  playing  strategies. 

1.  Test  Case  1:  Winning  Strategy 

To  successfully  complete  the  scenario,  the  player  must  complete  Phase  1  and 
answer  both  of  the  questions  in  Phase  2  correctly.  Phase  1  is  completed  by  first 
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connecting  Sydney’s  computer  to  her  router  through  her  Home  network.  To  do  this,  the 
player  first  switches  to  the  Network  screen  by  selecting  the  Network  tab.  The  connection 
is  made  by  selecting  Sydney’s  computer  and  then  selecting  the  Home  Network 
connection.  Then,  in  either  order,  the  player  chooses  both  the  “Don’t  Run  Attachments” 
and  “Regular  Antivirus  Updates”  from  the  procedural  settings  on  the  Component  screen. 
These  actions  complete  both  the  Connect  and  Secure  objectives  that  make  up  Phase  1. 

In  Phase  2,  the  Transact  objective  quizzes  the  player  on  responses  to  social 
attacks.  The  first  question  deals  with  secure  browser  connections  and  online  transactions. 
By  answering  “no”  to  this  question,  the  player  encourages  Sydney  to  be  cautious  of  her 
online  transactions  and  emphasizes  the  importance  of  using  secure  connections  when 
buying  things  online.  Next,  the  player  should  instruct  Sydney  to  be  cautious  of  phishing 
emails  requesting  personal  information  and  answer  “no”  on  the  second  question.  This 
action  successfully  completes  both  the  Transact  objective  and  the  scenario  itself.  The 
player  is  then  presented  with  the  winning  Debriefing  screen. 

2.  Test  Case  2:  Connect 

The  Connect  objective  is  met  when  Sydney’s  computer  is  connected  to  her  router 
through  her  Home  Network  cable.  Since  there  is  only  one  way  to  connect  the  computer 
to  the  router,  this  test  case  examines  what  happens  when  the  player  does  not  connect 
Sydney’s  computer  to  the  home  network.  It  also  makes  sure  that  the  player  can  not 
change  any  of  the  initial  network  connections. 

Since  the  goal  of  this  scenario  is  to  educate  and  instruct  the  player,  guidance 
appears  to  help  move  the  player  along  when  the  objective  has  not  been  completed  in  a 
certain  amount  of  time.  If  the  player  does  not  connect  the  two  components  after  a  certain 
amount  of  time,  a  help  tip  appears  that  directs  the  player  to  the  objectives  screen  in  order 
to  get  advice  on  where  to  start.  The  player  also  encounters  a  help  tip  providing 
information  about  pressing  the  play  button  to  pause  and  play  the  scenario. 

When  the  player  is  on  the  network  screen  and  is  having  trouble  completing  the 
objective,  help  appears  to  guide  them  in  connecting  the  two  components.  If  the  player 
clicks  on  any  combination  of  network  cables  and  components  other  than  the  winning 
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combination,  no  other  connections  can  be  made  or  taken  away.  For  example,  the 
components  in  the  Web  Zone  were  made  static,  so  that  the  player  can  not  change  the 
network  connections  of  that  zone. 

3.  Test  Case  3:  Secure 

The  Secure  objective  is  completed  when  the  player  selects  both  the  “Don’t  Run 
Attachments”  and  “Regular  Antivirus  Updates”  procedural  settings.  This  test  case 
examines  what  happens  when  the  wrong  settings  are  chosen  for  Sydney’s  computer.  It 
also  tests  what  happens  when  the  player  does  not  select  any  security  settings  for  Sydney’s 
computer. 

When  the  player  has  not  selected  the  appropriate  settings  in  a  timely  manner,  a 
warning  appears  about  the  dangers  of  being  connected  to  the  internet  without  any 
protection.  After  this  warning  appears,  attacks  on  Sydney’s  computer  begin  until  the 
player  chooses  the  correct  security  settings. 

One  part  of  the  Secure  objective  is  to  select  the  “Regular  Antivirus  Updates” 
setting  for  Sydney’s  computer.  The  “Automatic  Antivirus  Updates”  procedural  setting  is 
the  wrong  choice  for  this  part  of  the  objective.  If  the  player  selects  this  setting,  the 
scenario  notifies  them  that  this  would  be  problematic  and  directs  them  to  the  correct 
setting. 

Another  component  of  the  Secure  objective  is  to  have  the  player  instruct  Sydney 
to  be  cautious  about  email  attachments  by  selecting  the  “Don’t  Run  Attachments” 
procedural  setting.  The  wrong  settings  for  email  attachment  protection  would  be  the 
“Scan  Email  Attachments”  and  “Strip  Email  Attachments”  configuration  settings.  If  the 
player  selects  one  of  these  settings,  an  appropriate  message  appears  explaining  why  that 
settings  is  not  appropriate  or  necessary. 

This  test  case  also  tests  what  can  happen  when  unnecessary  procedural  settings 
are  selected.  If  the  player  selects  either  the  “No  Machine  Modifications”  or  “No  External 
Software”  settings,  messages  appear  reminding  the  player  that  the  computer  is  Sydney’s 
personal  computer  and  she  should  be  able  to  make  these  kinds  of  alterations.  The  player 
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will  also  encounter  a  message  if  the  “No  Web  Mail”  setting  is  selected,  because  this 
would  interfere  with  Sydney’s  ability  to  use  her  web-based  email  account. 

4.  Test  Case  4:  Transact  Quiz 

The  Transact  objective  is  met  by  successfully  completing  a  quiz.  This  test  case 
deals  with  testing  whether  or  not  the  quiz  responds  correctly  when  the  player  answers  the 
questions  incorrectly.  If  the  player  answers  “yes”  to  both  of  the  question,  Sydney’s 
identity  is  stolen.  The  player  is  then  presented  with  the  losing  Debriefing  screen.  If  the 
player  answers  “yes”  to  one  of  the  questions  and  “no”  to  the  other  one,  the  player  still 
fails  the  quiz  and  the  losing  Debriefing  screen  is  shown. 

5.  Results 

Except  for  one  test  case,  all  the  expected  results  and  experienced  results 
coincided.  The  unexpected  result  came  while  testing  the  quiz  in  Test  Case  4.  If  the 
player  does  not  press  either  of  the  keyboard  responses  and  only  clicks  “OK”  on  the 
question  window,  the  game  engine  recognizes  this  as  a  “no”  response  and  proceeds 
accordingly.  This  means  that  the  player  can  successfully  complete  the  quiz  by  just 
selecting  the  “OK”  button  on  the  question  window.  This  result  is  due  to  a  SDT  (Scenario 
Definition  Tool)  issue  with  the  register  condition’s  default  setting  and  has  been  reported 
as  a  problem. 

While  completing  the  test  cases  for  Phase  1,  there  was  one  unexpected  result 
which  was  not  covered  by  the  test  cases.  If  the  player  completed  the  Secure  objective 
before  completing  the  Connect  objective,  the  scenario  proceeded  on  to  Phase  2.  This 
undesirable  result  was  solved  by  making  some  changes  to  the  scenario  preventing  the 
player  from  moving  to  Phase  2  until  both  Phase  1  objectives  are  met. 

After  testing,  some  refinements  were  also  made  to  the  text  that  appears  in  the 
screens  and  messages  that  appear  throughout  the  game.  This  was  done  to  attempt  to  find 
the  most  effective  word  choice  for  the  player.  When  necessary,  there  were  also  some 
changes  to  the  timing  of  the  various  text  pop-ups  or  tickers  in  order  to  improve  the 
player’s  experience. 
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C.  CYBERCIEGE  TESTING 

The  CyberCIEGE  game  engine  and  SDT  (Scenario  Definition  Tool)  are  both 
currently  under  development.  As  a  result,  this  thesis  also  provided  an  informal  testing  of 
these  components.  Whenever  problems  were  encountered  that  related  to  the  game  engine 
or  SDT,  an  informal  approach  was  taken  to  identify  and  report  problems  and  to  make 
improvement  suggestions. 

1.  Invisible  Users 

In  the  beginning  of  the  scenario  development,  there  was  an  issue  with  the  user 
being  invisible.  The  user  was  present  on  the  screen,  according  to  the  speech  pop-ups,  but 
the  graphic  for  the  user  was  not  being  displayed.  This  was  a  game  engine  problem  that 
was  resolved  by  removing  a  problematic  optimization  in  the  source  code. 

2.  Multiple  LAN  connections 

When  working  on  the  Connect  objective  portion  of  the  scenario,  it  seemed  to  be 
confusing  to  have  only  one  of  the  network  connections  displayed  around  the  given 
component  at  a  time.  Originally,  a  component  with  multiple  network  connections  would 
only  display  one  of  the  connections  around  it  in  a  colored  box.  This  situation  arose  only 
when  the  component  in  question  was  the  only  component  on  the  network.  However,  after 
identifying  this  as  a  user  interface  problem,  the  game  engine  was  revised  to  allow  for 
multiple  boxes  to  appear  around  the  component.  Now,  when  the  player  initially  goes  to 
the  Network  screen,  the  router  has  both  red  and  green  boxes  around  it  depicting  the 
router’s  Home  Network  and  Internet  connections. 

3.  Colons  and  Backslashes 

The  SDT  does  not  allow  the  combination  of  a  colon  and  backslashes  to  appear  in 
a  text  field.  This  problem  was  discovered  when  trying  to  input  the  text  for  the  question 
trigger  dealing  with  secure  browsers.  The  text  originally  had  the 
“http://www.varnbarn.com”  and  “https://www.yambam.com”  as  a  part  of  the  first 
question  on  the  quiz.  CyberCIEGE  crashed  when  this  question  trigger  fired  due  to  the 
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colon  and  backslash  combination.  To  resolve  this  issue  in  the  scenario,  the  question’s 
text  was  changed  in  order  to  avoid  this  problem.  The  SDT’s  issue  with  colons  and 
backslashes  has  been  reported. 

4.  Register  Condition 

When  testing  the  quiz  portion  of  the  scenario,  a  problem  with  the  register 
condition  was  identified.  It  appears  that  the  default  for  the  key  register  condition  is  “1” 
or  “no”  in  the  SDT.  This  is  a  problem,  because  if  the  user  clicks  on  the  OK  button 
without  inputting  a  “no”  or  “yes”  response,  the  game  engine  reacts  as  if  the  user  selected 
“no”.  Since  successful  completion  of  the  quiz  in  Phase  2  depends  on  answering  “no”  to 
both  of  the  questions,  this  bug  can  allow  the  user  to  win  the  scenario  without  entering  the 
correct  responses.  This  problem  was  reported  and  resolved  by  changing  the  key  register 
condition  values  from  “1”  and  “2”  to  “n”  and  “y.” 

5.  Camera  Drifting 

When  CyberCIEGE  starts  and  the  camera  is  repositioning  to  the  home  office  site, 
the  camera  panning  is  interrupted  if  the  player  makes  any  mouse  movements  or  clicks. 
This  causes  the  camera  to  stop  where  it  was  interrupted.  This  looks  like  a  problem  with 
the  game  engine  and  is  especially  noticeable  on  slower  computers.  This  problem  has 
been  identified  and  reported. 

6.  Paragraph  Formatting 

When  composing  messages  that  appear  to  the  player,  it  is  helpful  to  be  able  to 
insert  formatting  to  the  messages  by  using  tools  such  as  paragraph  markers.  This  can  be 
accomplished  by  inserting  (PARAGRAPH)  in  the  position  where  the  paragraph  marker 
should  exist.  However,  it  was  found  that  this  formatting  is  only  available  for  triggers 
such  as  message  and  question  triggers.  When  placed  in  the  message  box  for  triggers  such 
as  SetPhase,  (PARAGRAPH)  will  just  be  treated  as  a  part  of  the  text  and  not  a  paragraph 
marker.  This  problem  has  been  identified  and  reported. 
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D.  SUMMARY 

The  Identity  Theft  scenario  worked  as  expected  and  any  bugs  encountered  along 
the  way  were  either  reported  or  resolved.  During  both  the  development  and  testing  of  the 
scenario,  recommendations  and  suggestions  for  improving  the  Identity  Theft  scenario, 
CyberCIEGE  game  engine,  and  SDT  emerged.  These  recommendations  are  discussed  in 
the  next  chapter  along  with  suggestions  of  how  the  Identity  Theft  scenario  can  be 
utilized. 
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V.  CONCLUSION 


A.  SCENARIO  APPLICATIONS  &  EXTENSIONS 

Multiple  environments  exist  where  the  Identity  Theft  scenario  could  be  applied. 
As  an  educational  training  tool,  the  scenario  could  be  used  as  a  part  of  introductory 
Information  Assurance  courses  in  an  academic  setting.  It  would  also  work  well  as  a  part 
of  on-the-job  Information  Assurance  computer  training  in  both  government  and  corporate 
environments.  For  example,  DOD  employees  are  mandated  to  complete  computer 
Information  Assurance  training  annually.  This  scenario  could  be  used  as  a  part  of  such 
training.  The  scenario  is  also  short  enough  that  it  could  also  be  used  on  the  lecture  circuit 
so  that  the  presenter  has  a  visual  example  for  the  audience  when  discussing  issues  such  as 
identity  theft  or  Infonnation  Assurance.  Home  computer  users  could  come  into  contact 
with  the  scenario  if  it  was  incorporated  as  part  of  the  software  bundle  that  comes  with  a 
new  computer  or  available  as  a  download. 

Since  this  scenario  deals  with  basic  identity  theft  prevention  techniques,  more 
extensive  scenarios  dealing  with  identity  theft  prevention  could  be  created  in  the  future. 
Attackers  are  going  to  continue  to  derive  new  methods  to  steal  infonnation,  which  means 
that  users  will  need  to  be  infonned  of  new  prevention  techniques.  One  possible  future 
scenario  could  explore  how  identity  theft  prevention  can  be  accomplished  in  the  wireless 
domain.  By  making  the  local  area  networks  in  the  scenario  wireless,  this  could  bring  in 
new  issues  and  prevention  mechanisms  to  explore  in  CyberCIEGE.  Also,  since  wireless 
internet  is  becoming  more  widespread  in  homes  and  businesses,  this  could  become  a 
more  relevant  network  setup  for  the  Identity  Theft  scenario.  Another  future  scenario 
could  deal  with  applying  these  prevention  techniques  to  handheld  mobile  computing 
devices,  such  as  PDAs  and  cell  phones.  Both  of  these  future  scenarios  would  bring 
wireless  and  mobile  security  issues  into  CybeCIEGE.  As  a  result,  there  may  need  to  be 
some  additions  to  the  game  engine  in  order  to  allow  wireless  networks  and  handheld 
mobile  devices. 

The  Identity  Theft  scenario  could  also  be  improved  by  providing  some 
multimedia  feedback,  such  as  sound  and  movies.  For  example,  a  movie  clip  could 
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emphasize  one  of  the  internet  attacks  made  on  Sydney’s  computer  when  it  does  not  have 
the  proper  procedural  settings  selected.  This  would  make  the  danger  more  imminent  to 
the  player  and  add  to  the  overall  experience.  It  would  also  be  interesting  to  have  a  movie 
clip  available  if  the  player  loses  the  game.  The  clip  could  display  someone  stealing  the 
information  and  using  it  to  cause  harm  to  Sydney.  Another  clip  could  play  when  the 
player  wins  the  game.  This  clip  would  be  celebratory  and  would  contain  information  not 
covered  in  the  scenario,  such  as  tips  on  setting  up  a  personal  firewall. 

Since  the  goal  of  this  thesis  was  to  focus  on  the  essential  and  basic  prevention 
techniques,  future  versions  of  the  scenario  could  integrate  additional  problems,  tips,  and 
information.  Spyware  could  be  added  to  the  possible  attacks  on  Sydney’s  computer.  For 
example,  an  attacker  could  install  some  spyware  on  the  computer  in  order  to  gain  her 
personal  information.  Information  relating  to  properly  deleting  information  from 
computing  devices  before  giving  or  throwing  the  devices  away  could  also  be 
incorporated.  Another  aspect  which  could  be  added  to  the  scenario  is  infonnation  on 
what  to  do  to  recover  from  identity  theft.  This  could  either  be  added  at  the  end  of  the 
scenario  as  a  movie  clip  or  as  a  part  of  the  debriefing  screen. 

Due  to  the  scope  and  timeframe  of  this  thesis,  an  informal  testing  process  was 
conducted.  However,  it  would  be  useful  to  conduct  a  more  involved  and  formal  testing 
process.  The  scenario  should  be  tested  on  users  with  varying  levels  of  computer 
experience  and  Information  Assurance  knowledge.  Groups  of  testers  should  test  the 
scenario  from  the  end  user,  instructor,  and  employee  perspectives  respectively.  A  more 
rigorous  testing  process  should  also  be  conducted  to  make  sure  that  all  bugs  are  found 
and  resolved.  When  versions  of  CyberCIEGE  are  released  in  the  future,  the  scenario 
should  also  be  tested  to  make  sure  game  engine  changes  and  additions  do  not  affect  or 
change  the  scenario’s  behavior  in  unexpected  ways. 


B.  CYBERCIEGE  RECOMMENDATIONS 

The  game  engine  attacks  and  options  in  the  SDT  are  geared  mainly  for  the 
corporate  or  military  environment  scenarios.  The  Identity  Theft  Scenario  was  the  first  to 
be  set  in  a  home  environment.  The  graphic  for  the  offsite  office  was  used  to  depict 
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Sydney’s  home,  but  it  might  be  useful  in  the  future  to  have  more  zone  graphics  available 
to  the  scenario  developer.  When  designing  a  scenario,  it  would  also  be  useful  to  have 
more  choices  in  the  user  graphics.  Initially,  the  user  for  the  Identity  Theft  scenario  was 
the  player’s  Great  Aunt.  This  storyline  was  eventually  changed  for  several  reasons.  One 
reason  was  that  CyberCIEGE’s  female  user  graphic  is  that  of  a  young  woman.  Therefore, 
the  older  woman  user  description  would  not  match  very  well  with  the  female  graphic 
available.  As  with  the  zone  graphics,  having  more  options  of  user  graphics  makes  the 
development  process  easier  and  allows  for  more  creativity  and  options. 

Another  aspect  which  would  improve  the  scenario  development  process  is  for  the 
SDT  to  either  have  a  new  and  different  user  interface  or  for  there  to  be  more  flexibility 
within  the  current  one.  For  example,  in  order  to  make  changes  to  the  user’s  name,  it 
would  help  to  have  one  place  to  change  the  name  and  have  the  change  propagate  to 
elsewhere  in  the  scenario.  When  the  scenario  storyline  switched  from  the  Great  Aunt  to 
Sydney  Chase,  there  were  several  places  where  the  changes  had  to  be  made.  If  the  SDT 
interface  was  designed  to  make  changes  easier,  the  storyline  switch  would  have  been 
easier  to  implement.  Although,  the  automatic  nature  of  the  attacks  and  thoughts  are  very 
useful  for  some  scenarios,  most  of  the  game  engine’s  automatic  responses  did  not  apply 
to  the  home  user  environment  of  the  Identity  Theft  scenario.  Therefore,  it  would  be 
useful  for  the  developer  to  have  the  option  in  the  SDT  interface  to  switch  off  the  game 
engine’s  automatic  thought  and  attack  triggers. 

Currently,  the  main  way  to  interact  with  the  player  is  through  text-based  windows 
and  pop-ups.  Another  CyberCIEGE  recommendation  would  be  to  include  more 
multimedia  options  for  the  developer  to  use.  For  example,  speak  triggers  could  be  done 
with  an  audio  file  versus  a  pop-up  message.  If  other  communication  techniques  were 
added  to  CyberCIEGE,  the  overall  playing  experience  would  be  improved  and  the 
developer  would  have  more  tools  to  create  interesting  and  engaging  scenarios. 

Finally,  the  development  process  would  be  greatly  improved  if  the  SDT  had  an 
improved  method  of  debugging  the  scenario.  Currently,  there  is  a  crash  text  document 
and  a  log  file  to  assist  in  error  correction.  But,  the  development  process  would  be  vastly 
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improved  if  there  was  a  clearer  method  of  notifying  the  developer  where  the  errors  exist 
and  how  to  correct  the  errors. 


C.  CONCLUSION 

This  thesis  contributes  to  the  current  CyberCIEGE  Infonnation  Assurance 
training  suite  and  aids  in  the  improvement  of  the  CyberCIEGE  game  engine  and  scenario 
definition  tool.  The  Identity  Theft  scenario  can  be  used  as  a  training  tool  for  both  the  end 
user  and  the  Information  Assurance  instructor.  User  awareness  and  training  are  the  main 
tools  to  lessen  the  danger  of  identity  theft.  This  scenario  provides  some  basic  identity 
theft  prevention  techniques  so  the  player  can  learn  to  keep  identifying  information  safe 
while  online.  It  can  also  be  used  to  provide  a  real  world  example  of  why  basic 
Information  Assurance  concepts,  such  as  antivirus  protection  or  email  security,  are 
important  to  combating  online  dangers.  After  scenario  development,  an  infonnal  test 
process  of  the  Identity  Theft  scenario  was  conducted.  Testing  found  that  the  experienced 
and  expected  results  coincided.  Recommendations  for  improvement  of  the  CyberCIEGE 
game  engine,  Scenario  Definition  Tool,  and  Identity  Theft  scenario  were  also  provided. 
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APPENDIX  -  CYBERCIEGE  ENCYCLOPEDIA  PAGE 


The  following  is  the  text  that  appears  on  the  “What  is  Identity  Theft?”  section  of 
CyberCIEGE’s  encyclopedia. 

Identity  theft  is  the  misuse  of  one's  personal  infonnation  and  identity.  The 
increase  in  online  activities  which  involve  people's  personal  identification  information 
means  that  we  need  to  be  more  vigilant  to  attempt  to  avoid  identity  theft.  The  majority  of 
identity  theft  prevention  techniques  fall  under  the  realm  of  basic  computer  security 
practices,  such  as  installing  regular  antivirus  updates  and  being  cautious  of  executable 
email  attachments.  Other  techniques,  such  as  resisting  social  engineering,  being  aware  of 
who  is  collecting  the  personal  information,  and  knowing  what  the  information  is  being 
used  for,  are  also  necessary  to  protect  one's  identity. 

A  victim's  personal  information  can  be  used  for  both  financial  gain  and  to 
physically  misrepresent  the  victim  to  people  such  as  law  enforcement  officials,  employers 
or  medical  providers.  The  amount  of  time  associated  with  resolving  the  problems  that 
arise  in  the  aftennath  of  identity  theft  should  also  be  considered  a  cost  of  identity  theft. 

Not  only  does  identity  theft  impact  the  consumer,  but  it  also  negatively  affects 
businesses  and  banks.  Businesses  and  financial  institutions  have  had  to  keep  up  with  the 
increase  in  identity  theft  by  developing  new  services.  For  example,  most  credit  card 
providers  now  provide  the  option  of  placing  the  credit  card  owner's  picture  on  the  credit 
cards  for  authentication  purposes.  Similarly,  since  monitoring  one's  credit  report  is  a 
commonly  recommended  technique  to  prevent  identity  theft,  some  financial  institutions 
now  allow  consumers  to  buy  identity  theft  prevention  each  month  through  special  credit 
checking  services. 

Social  engineering  is  a  key  way  that  personal  infonnation  is  collected  for  misuse. 
People  give  away  their  contact  information,  date  of  birth,  credit  card  number,  and  social 
security  number  for  lots  of  reasons  and  services  these  days.  This  personal  infonnation  is 
asked  for  in  conjunction  with  online  activities  that  range  from  buying  books  to  joining  a 
professional  organization  to  paying  bills. 


33 


Even  if  key  information,  such  as  passwords,  is  not  supplied  by  the  individual, 
enough  personal  information  can  be  collected  to  be  damaging  to  the  security  of  a  person's 
identity.  It  is  important  to  be  aware  of  who  exactly  is  collecting  personal  information, 
what  the  information  is  going  to  be  used  for,  and  what  the  privacy  policies  are  of  the 
companies  who  have  the  infonnation. 

The  following  is  a  breakdown  of  commonly  recommended  methods  of  prevention 
for  digital  identity  theft: 

-Install  and  regularly  update  antivirus  and  spyware  protection  software. 

-Be  cautious  about  executing  email  attachments.  This  is  a  common  way  that 
attackers  can  install  malware  and  spyware  on  the  computer. 

-Use  a  secure  web  browser  for  online  transactions  which  employs  techniques, 
such  as  encryption,  to  keep  your  personal  information  more  secure. 

-Resist  social  engineering  techniques  to  get  your  personal  information.  For 
example,  make  sure  that  the  website  you  are  using  to  conduct  online  transactions  is  the 
actual  company  versus  a  dummy  website. 

-Practice  good  password  security  techniques.  Passwords  and  PINs  should  not  be 
given  out  to  other  people. 

-Maintain  the  security  of  your  computer  by  practicing  activities,  such  as  installing 
operating  system  and  application  patches. 

-Install  and  properly  configure  a  firewall  on  your  personal  computer. 

-Be  aware  of  the  privacy  policies  of  the  companies  and  institutions  that  you  give 
your  personal  infonnation  to. 

-Make  sure  that  all  personal  infonnation  is  properly  deleted  from  technological 
devices  before  giving  them  to  other  people  or  disposing  of  them. 

This  Federal  Trade  Commission  web  page  describes  the  basics  of  identity  theft 
and  what  people  should  do  if  they  become  an  identity  theft  victim.  This  Federal  Trade 
Commission  Survey  Report  from  2003  describes  the  forms  of  identity  theft  and  provides 
some  identity  theft  statistics. 
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People  may  not  be  able  to  control  what  happens  to  their  personal  information 
once  it  is  out  of  their  hands,  but  computer  users  can  definitely  become  more  vigilant 
about  how  they  use  their  infonnation  on  the  computer  and  online. 
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